Purpose: The FDA is recommending that medical device manufacturers and health care facilities take steps to assure that appropriate safeguards are in place to reduce the risk of failure due to cyberattack, which could be initiated by the introduction of malware into the medical equipment or unauthorized access to configuration settings in medical devices and hospital networks.

Summary of Problem and Scope: Many medical devices contain configurable embedded computer systems that can be vulnerable to cybersecurity breaches. In addition, as medical devices are increasingly interconnected, via the Internet, hospital networks, other medical device, and smartphones, there is an increased risk of cybersecurity breaches, which could affect how a medical device operates.

Recently, the FDA has become aware of cybersecurity vulnerabilities and incidents that could directly impact medical devices or hospital network operations, including:

On June 13th the U.S. Food and Drug Administration issued a cybersecurity advisory statement addressing the need for increased focus on security in medical devices and hospital networks. The statement is no surprise as it follows a more than a year of mounting pressuring and increasing evidence that the health-care sector is among the most vulnerable to hackers. Not only are they vulnerable but the data that typical medical networks contain is highly sensitive, Chris Wysopal outlined this in a recent interview with Fox News. And of course there’s also the fact that a medical device not working as it should can be the difference between life and death.

There’s no argument that the need for more security is apparent and imperative so we applaud the FDA for taking these first steps in remediating the problems at hand. The advisory statement recommends the following steps for medical device manufacturers;

Staggering numbers no doubt, you might be asking exactly how dangerous is this information? Health insurance fraud, financial identity theft, credit risk and even personal endangerment. If a someone undergoes a medical procedure under your identity, your medical records become flawed. health-care-companies-hackedIn a scenario where you’re undergoing emergency procedures your records could say you’ve had your appendix out when in fact you haven’t.